delorie.com/archives/browse.cgi | search |
Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sources.redhat.com/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |
To: | cygwin AT cygwin DOT com |
X-Injected-Via-Gmane: | http://gmane.org/ |
Path: | not-for-mail |
From: | Andrew Markebo <andrew DOT markebo AT telia DOT com> |
Subject: | Re: OpenSSH and cygwin: let a user only connect via sftp. |
Date: | Thu, 05 Dec 2002 16:08:41 +0100 |
Lines: | 22 |
Message-ID: | <m3of80zeo6.fsf@flognat.myip.org> |
References: | <ED5638825509D4118F9D000102054B1C02226532 AT EXSRV-NES> <006e01c29c52$595e0360$78d96f83 AT pomello> |
NNTP-Posting-Host: | h146n2fls23o900.telia.com |
Mime-Version: | 1.0 |
X-Trace: | main.gmane.org 1039100920 6759 213.66.142.146 (5 Dec 2002 15:08:40 GMT) |
X-Complaints-To: | usenet AT main DOT gmane DOT org |
NNTP-Posting-Date: | Thu, 5 Dec 2002 15:08:40 +0000 (UTC) |
X-message-flag: | Infected by Norwegian Cheese |
User-Agent: | Gnus/5.090008 (Oort Gnus v0.08) Emacs/20.7 |
(i386-redhat-linux-gnu) | |
Cancel-Lock: | sha1:bdxQcITbdLdcioJe4Fc7ELdYJwA= |
/ "Max Bowsher" <maxb AT ukf DOT net> wrote: | Schonder, Matthias <Matthias DOT Schonder AT Geis-Group DOT de> wrote: > >> How do I have to set passwd (if it is done there) that he only can >> connect to the server via sftp and not via ssh. >> What do I have to do? > | Setting a user's shell to /bin/false might (and I repeat, *might* - this is | speculation) work. Nope not for sftp, the problem is that sftp uses the users shell to navigate and fetch files. (it logs in using ssh) So what you have to do is to give the user a shell that has enough rights to do what scp needs, check files, read them and so on, but not allowed to fire up applications and so on. Think I have seen it mentioned, maybe in the neighbourhood of sftp development.. /Andy -- The eye of the beholder rests on the beauty! -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
webmaster | delorie software privacy |
Copyright © 2019 by DJ Delorie | Updated Jul 2019 |